Fix test-network to work with BFT consensus.

Added a new option for creating channel:
Running ./network.sh createChannel -bft will initiate a channel running BFT orderers.
Using ./network.sh up -bft will initiate dockers for bft environment.
Added option for 4 orderers.

Add add_new_orderer_to_config.py which is referenced in the fabric official docs.

Signed-off-by: Arkadi Piven <arkadi.piven@ibm.com>
Signed-off-by: arkadipiven <arkadi7770@gmail.com>

test-network/README.md

@@ -2,6 +2,26 @@
 
 You can use the `./network.sh` script to stand up a simple Fabric test network. The test network has two peer organizations with one peer each and a single node raft ordering service. You can also use the `./network.sh` script to create channels and deploy chaincode. For more information, see [Using the Fabric test network](https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html). The test network is being introduced in Fabric v2.0 as the long term replacement for the `first-network` sample.
 
+If you are planning to run the test network with consesnsus type BFT then please pass `-bft` flag as input to the `network.sh` script when creating the channel.
+That is to create a network use:
+```bash
+./network.sh up -bft
+```
+
+To create a channel use:
+
+```bash
+./network.sh createChannel -bft
+```
+
+To restart a running network use:
+
+```bash
+./network.sh restart -bft
+```
+
+Note that running the createChannel command will start the network, if it is not already running.
+
 Before you can deploy the test network, you need to follow the instructions to [Install the Samples, Binaries and Docker Images](https://hyperledger-fabric.readthedocs.io/en/latest/install.html) in the Hyperledger Fabric documentation.
 
 ## Using the Peer commands

test-network/bft-config/configtx.yaml

@@ -0,0 +1,312 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+################################################################################
+#
+#   Section: Organizations
+#
+#   - This section defines the different organizational identities which will
+#   be referenced later in the configuration.
+#
+################################################################################
+Organizations:
+  - &OrdererOrg
+    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
+    # in production but may be used as a template for other definitions
+    # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
+    Name: OrdererOrg
+    # ID to load the MSP definition as
+    ID: OrdererMSP
+    # MSPDir is the filesystem path which contains the MSP configuration
+    MSPDir: ../organizations/ordererOrganizations/example.com/msp
+    # Policies defines the set of policies at this level of the config tree
+    # For organization policies, their canonical path is usually
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+    Policies:
+      Readers:
+        Type: Signature
+        Rule: "OR('OrdererMSP.member')"
+      Writers:
+        Type: Signature
+        Rule: "OR('OrdererMSP.member')"
+      Admins:
+        Type: Signature
+        Rule: "OR('OrdererMSP.admin')"
+    OrdererEndpoints:
+      - orderer.example.com:7050
+      - orderer.example.com:7052
+      - orderer.example.com:7056
+      - orderer.example.com:7058
+  - &Org1
+    # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
+    Name: Org1MSP
+    # ID to load the MSP definition as
+    ID: Org1MSP
+    MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
+    # Policies defines the set of policies at this level of the config tree
+    # For organization policies, their canonical path is usually
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+    Policies:
+      Readers:
+        Type: Signature
+        Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
+      Writers:
+        Type: Signature
+        Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
+      Admins:
+        Type: Signature
+        Rule: "OR('Org1MSP.admin')"
+      Endorsement:
+        Type: Signature
+        Rule: "OR('Org1MSP.peer')"
+  - &Org2
+    # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
+    Name: Org2MSP
+    # ID to load the MSP definition as
+    ID: Org2MSP
+    MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
+    # Policies defines the set of policies at this level of the config tree
+    # For organization policies, their canonical path is usually
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+    Policies:
+      Readers:
+        Type: Signature
+        Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
+      Writers:
+        Type: Signature
+        Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
+      Admins:
+        Type: Signature
+        Rule: "OR('Org2MSP.admin')"
+      Endorsement:
+        Type: Signature
+        Rule: "OR('Org2MSP.peer')"
+################################################################################
+#
+#   SECTION: Capabilities
+#
+#   - This section defines the capabilities of fabric network. This is a new
+#   concept as of v1.1.0 and should not be utilized in mixed networks with
+#   v1.0.x peers and orderers.  Capabilities define features which must be
+#   present in a fabric binary for that binary to safely participate in the
+#   fabric network.  For instance, if a new MSP type is added, newer binaries
+#   might recognize and validate the signatures from this type, while older
+#   binaries without this support would be unable to validate those
+#   transactions.  This could lead to different versions of the fabric binaries
+#   having different world states.  Instead, defining a capability for a channel
+#   informs those binaries without this capability that they must cease
+#   processing transactions until they have been upgraded.  For v1.0.x if any
+#   capabilities are defined (including a map with all capabilities turned off)
+#   then the v1.0.x peer will deliberately crash.
+#
+################################################################################
+Capabilities:
+  # Channel capabilities apply to both the orderers and the peers and must be
+  # supported by both.
+  # Set the value of the capability to true to require it.
+  Channel: &ChannelCapabilities
+    # V3.0 for Channel is a catchall flag for behavior which has been
+    # determined to be desired for all orderers and peers running at the v3.0.0
+    # level, but which would be incompatible with orderers and peers from
+    # prior releases.
+    # Prior to enabling V3.0 channel capabilities, ensure that all
+    # orderers and peers on a channel are at v3.0.0 or later.
+    V3_0: true
+  # Orderer capabilities apply only to the orderers, and may be safely
+  # used with prior release peers.
+  # Set the value of the capability to true to require it.
+  Orderer: &OrdererCapabilities
+    # V2_0 orderer capability ensures that orderers behave according
+    # to v2.0 orderer capabilities. Orderers from
+    # prior releases would behave in an incompatible way, and are therefore
+    # not able to participate in channels at v2.0 orderer capability.
+    # Prior to enabling V2.0 orderer capabilities, ensure that all
+    # orderers on channel are at v2.0.0 or later.
+    V2_0: true
+  # Application capabilities apply only to the peer network, and may be safely
+  # used with prior release orderers.
+  # Set the value of the capability to true to require it.
+  Application: &ApplicationCapabilities
+    # V2.5 for Application enables the new non-backwards compatible
+    # features of fabric v2.5, namely the ability to purge private data.
+    # Prior to enabling V2.5 application capabilities, ensure that all
+    # peers on a channel are at v2.5.0 or later.
+    V2_5: true
+################################################################################
+#
+#   SECTION: Application
+#
+#   - This section defines the values to encode into a config transaction or
+#   genesis block for application related parameters
+#
+################################################################################
+Application: &ApplicationDefaults
+  # Organizations is the list of orgs which are defined as participants on
+  # the application side of the network
+  Organizations:
+  # Policies defines the set of policies at this level of the config tree
+  # For Application policies, their canonical path is
+  #   /Channel/Application/<PolicyName>
+  Policies:
+    Readers:
+      Type: ImplicitMeta
+      Rule: "ANY Readers"
+    Writers:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+    Admins:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Admins"
+    LifecycleEndorsement:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Endorsement"
+    Endorsement:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Endorsement"
+  Capabilities:
+    <<: *ApplicationCapabilities
+################################################################################
+#
+#   SECTION: Orderer
+#
+#   - This section defines the values to encode into a config transaction or
+#   genesis block for orderer related parameters
+#
+################################################################################
+Orderer: &OrdererDefaults
+  # Batch Timeout: The amount of time to wait before creating a batch
+  BatchTimeout: 2s
+  # Batch Size: Controls the number of messages batched into a block
+  BatchSize:
+    # Max Message Count: The maximum number of messages to permit in a batch
+    MaxMessageCount: 10
+    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
+    # the serialized messages in a batch.
+    AbsoluteMaxBytes: 99 MB
+    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
+    # the serialized messages in a batch. A message larger than the preferred
+    # max bytes will result in a batch larger than preferred max bytes.
+    PreferredMaxBytes: 512 KB
+  # Organizations is the list of orgs which are defined as participants on
+  # the orderer side of the network
+  Organizations:
+  # Policies defines the set of policies at this level of the config tree
+  # For Orderer policies, their canonical path is
+  #   /Channel/Orderer/<PolicyName>
+  Policies:
+    Readers:
+      Type: ImplicitMeta
+      Rule: "ANY Readers"
+    Writers:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+    Admins:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Admins"
+    # BlockValidation specifies what signatures must be included in the block
+    # from the orderer for the peer to validate it.
+    BlockValidation:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+################################################################################
+#
+#   CHANNEL
+#
+#   This section defines the values to encode into a config transaction or
+#   genesis block for channel related parameters.
+#
+################################################################################
+Channel: &ChannelDefaults
+  # Policies defines the set of policies at this level of the config tree
+  # For Channel policies, their canonical path is
+  #   /Channel/<PolicyName>
+  Policies:
+    # Who may invoke the 'Deliver' API
+    Readers:
+      Type: ImplicitMeta
+      Rule: "ANY Readers"
+    # Who may invoke the 'Broadcast' API
+    Writers:
+      Type: ImplicitMeta
+      Rule: "ANY Writers"
+    # By default, who may modify elements at this config level
+    Admins:
+      Type: ImplicitMeta
+      Rule: "MAJORITY Admins"
+  # Capabilities describes the channel level capabilities, see the
+  # dedicated Capabilities section elsewhere in this file for a full
+  # description
+  Capabilities:
+    <<: *ChannelCapabilities
+################################################################################
+#
+#   Profile
+#
+#   - Different configuration profiles may be encoded here to be specified
+#   as parameters to the configtxgen tool
+#
+################################################################################
+Profiles:
+  ChannelUsingBFT:
+    <<: *ChannelDefaults
+    Orderer:
+      <<: *OrdererDefaults
+      Organizations:
+        - *OrdererOrg
+      Capabilities: *OrdererCapabilities
+      OrdererType: BFT
+      SmartBFT:
+        RequestBatchMaxCount: 100
+        RequestBatchMaxInterval: 50ms
+        RequestForwardTimeout: 2s
+        RequestComplainTimeout: 20s
+        RequestAutoRemoveTimeout: 3m0s
+        ViewChangeResendInterval: 5s
+        ViewChangeTimeout: 20s
+        LeaderHeartbeatTimeout: 1m0s
+        CollectTimeout: 1s
+        RequestBatchMaxBytes: 10485760
+        IncomingMessageBufferSize: 200
+        RequestPoolSize: 100000
+        LeaderHeartbeatCount: 10
+      ConsenterMapping:
+        - ID: 1
+          Host: orderer.example.com
+          Port: 7050
+          MSPID: OrdererMSP
+          Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/orderer.example.com-cert.pem
+          ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
+          ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
+        - ID: 2
+          Host: orderer2.example.com
+          Port: 7052
+          MSPID: OrdererMSP
+          Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/signcerts/orderer2.example.com-cert.pem
+          ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
+          ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
+        - ID: 3
+          Host: orderer3.example.com
+          Port: 7056
+          MSPID: OrdererMSP
+          Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/signcerts/orderer3.example.com-cert.pem
+          ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
+          ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
+        - ID: 4
+          Host: orderer4.example.com
+          Port: 7058
+          MSPID: OrdererMSP
+          Identity: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp/signcerts/orderer4.example.com-cert.pem
+          ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
+          ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
+    Application:
+      <<: *ApplicationDefaults
+      Organizations:
+        - *Org1
+        - *Org2
+      Capabilities: *ApplicationCapabilities

test-network/compose/compose-bft-test-net.yaml

@@ -0,0 +1,287 @@
+version: '3.7'
+
+volumes:
+  orderer.example.com:
+  orderer2.example.com:
+  orderer3.example.com:
+  orderer4.example.com:
+  peer0.org1.example.com:
+  peer0.org2.example.com:
+
+networks:
+  test:
+    name: fabric_test
+
+services:
+
+  orderer.example.com:
+    container_name: orderer.example.com
+    image: hyperledger/fabric-orderer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      - FABRIC_LOGGING_SPEC=INFO
+      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
+      - ORDERER_GENERAL_LISTENPORT=7050
+      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
+      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
+      # enabled TLS
+      - ORDERER_GENERAL_TLS_ENABLED=true
+      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
+      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
+      - ORDERER_ADMIN_TLS_ENABLED=true
+      - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
+      - ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443
+      - ORDERER_METRICS_PROVIDER=prometheus
+    working_dir: /root
+    command: orderer
+    volumes:
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
+      - orderer.example.com:/var/hyperledger/production/orderer
+    ports:
+      - 7050:7050
+      - 7053:7053
+      - 9443:9443
+    networks:
+      - test
+
+  orderer2.example.com:
+    container_name: orderer2.example.com
+    image: hyperledger/fabric-orderer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      - FABRIC_LOGGING_SPEC=INFO
+      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
+      - ORDERER_GENERAL_LISTENPORT=7052
+      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
+      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
+      # enabled TLS
+      - ORDERER_GENERAL_TLS_ENABLED=true
+      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
+      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
+      - ORDERER_ADMIN_TLS_ENABLED=true
+      - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7055
+      - ORDERER_OPERATIONS_LISTENADDRESS=orderer2.example.com:9446
+      - ORDERER_METRICS_PROVIDER=prometheus
+    working_dir: /root
+    command: orderer
+    volumes:
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls
+      - orderer2.example.com:/var/hyperledger/production/orderer
+    ports:
+      - 7052:7052
+      - 7055:7055
+      - 9446:9446
+    networks:
+      - test
+
+  orderer3.example.com:
+    container_name: orderer3.example.com
+    image: hyperledger/fabric-orderer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      - FABRIC_LOGGING_SPEC=INFO
+      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
+      - ORDERER_GENERAL_LISTENPORT=7056
+      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
+      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
+      # enabled TLS
+      - ORDERER_GENERAL_TLS_ENABLED=true
+      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
+      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
+      - ORDERER_ADMIN_TLS_ENABLED=true
+      - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7057
+      - ORDERER_OPERATIONS_LISTENADDRESS=orderer3.example.com:9447
+      - ORDERER_METRICS_PROVIDER=prometheus
+    working_dir: /root
+    command: orderer
+    volumes:
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls
+      - orderer3.example.com:/var/hyperledger/production/orderer
+    ports:
+      - 7056:7056
+      - 7057:7057
+      - 9447:9447
+    networks:
+      - test
+
+  orderer4.example.com:
+    container_name: orderer4.example.com
+    image: hyperledger/fabric-orderer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      - FABRIC_LOGGING_SPEC=INFO
+      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
+      - ORDERER_GENERAL_LISTENPORT=7058
+      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
+      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
+      # enabled TLS
+      - ORDERER_GENERAL_TLS_ENABLED=true
+      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
+      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
+      - ORDERER_ADMIN_TLS_ENABLED=true
+      - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7059
+      - ORDERER_OPERATIONS_LISTENADDRESS=orderer4.example.com:9448
+      - ORDERER_METRICS_PROVIDER=prometheus
+    working_dir: /root
+    command: orderer
+    volumes:
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/msp:/var/hyperledger/orderer/msp
+      - ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/:/var/hyperledger/orderer/tls
+      - orderer4.example.com:/var/hyperledger/production/orderer
+    ports:
+      - 7058:7058
+      - 7059:7059
+      - 9448:9448
+    networks:
+      - test
+
+
+
+
+  peer0.org1.example.com:
+    container_name: peer0.org1.example.com
+    image: hyperledger/fabric-peer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
+      - FABRIC_LOGGING_SPEC=INFO
+      #- FABRIC_LOGGING_SPEC=DEBUG
+      - CORE_PEER_TLS_ENABLED=true
+      - CORE_PEER_PROFILE_ENABLED=false
+      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
+      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
+      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
+      # Peer specific variables
+      - CORE_PEER_ID=peer0.org1.example.com
+      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
+      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
+      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
+      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
+      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
+      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
+      - CORE_PEER_LOCALMSPID=Org1MSP
+      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
+      - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444
+      - CORE_METRICS_PROVIDER=prometheus
+      - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"}
+      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
+    volumes:
+      - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric
+      - peer0.org1.example.com:/var/hyperledger/production
+    working_dir: /root
+    command: peer node start
+    ports:
+      - 7051:7051
+      - 9444:9444
+    networks:
+      - test
+
+  peer0.org2.example.com:
+    container_name: peer0.org2.example.com
+    image: hyperledger/fabric-peer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
+      - FABRIC_LOGGING_SPEC=INFO
+      #- FABRIC_LOGGING_SPEC=DEBUG
+      - CORE_PEER_TLS_ENABLED=true
+      - CORE_PEER_PROFILE_ENABLED=false
+      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
+      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
+      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
+      # Peer specific variables
+      - CORE_PEER_ID=peer0.org2.example.com
+      - CORE_PEER_ADDRESS=peer0.org2.example.com:9051
+      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
+      - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
+      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
+      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
+      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
+      - CORE_PEER_LOCALMSPID=Org2MSP
+      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
+      - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445
+      - CORE_METRICS_PROVIDER=prometheus
+      - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"}
+      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
+    volumes:
+      - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric
+      - peer0.org2.example.com:/var/hyperledger/production
+    working_dir: /root
+    command: peer node start
+    ports:
+      - 9051:9051
+      - 9445:9445
+    networks:
+      - test
+
+  cli:
+    container_name: cli
+    image: hyperledger/fabric-tools:latest
+    labels:
+      service: hyperledger-fabric
+    tty: true
+    stdin_open: true
+    environment:
+      - GOPATH=/opt/gopath
+      - FABRIC_LOGGING_SPEC=INFO
+      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
+      #- FABRIC_LOGGING_SPEC=DEBUG
+    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
+    command: /bin/bash
+    volumes:
+      - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations
+      - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
+    depends_on:
+      - peer0.org1.example.com
+      - peer0.org2.example.com
+    networks:
+      - test

test-network/compose/compose-test-net.yaml

@@ -87,8 +87,8 @@ services:
       - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"}
       - CORE_CHAINCODE_EXECUTETIMEOUT=300s
     volumes:
-        - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric
+      - ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric
-        - peer0.org1.example.com:/var/hyperledger/production
+      - peer0.org1.example.com:/var/hyperledger/production
     working_dir: /root
     command: peer node start
     ports:
@@ -126,8 +126,8 @@ services:
       - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"}
       - CORE_CHAINCODE_EXECUTETIMEOUT=300s
     volumes:
-        - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric
+      - ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric
-        - peer0.org2.example.com:/var/hyperledger/production
+      - peer0.org2.example.com:/var/hyperledger/production
     working_dir: /root
     command: peer node start
     ports:
@@ -151,8 +151,8 @@ services:
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
     command: /bin/bash
     volumes:
-        - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations
+      - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations
-        - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
+      - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
     depends_on:
       - peer0.org1.example.com
       - peer0.org2.example.com

test-network/compose/docker/docker-compose-bft-test-net.yaml

@@ -0,0 +1,38 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+version: '3.7'
+services:
+  peer0.org1.example.com:
+    container_name: peer0.org1.example.com
+    image: hyperledger/fabric-peer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      #Generic peer variables
+      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
+      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
+    volumes:
+      - ./docker/peercfg:/etc/hyperledger/peercfg
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+
+  peer0.org2.example.com:
+    container_name: peer0.org2.example.com
+    image: hyperledger/fabric-peer:latest
+    labels:
+      service: hyperledger-fabric
+    environment:
+      #Generic peer variables
+      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
+      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
+    volumes:
+      - ./docker/peercfg:/etc/hyperledger/peercfg
+      - ${DOCKER_SOCK}:/host/var/run/docker.sock
+  
+  cli:
+    container_name: cli
+    image: hyperledger/fabric-tools:latest
+    volumes:
+      - ./docker/peercfg:/etc/hyperledger/peercfg

test-network/configtx/configtx.yaml

@@ -13,91 +13,77 @@
 #
 ################################################################################
 Organizations:
-
+  - &OrdererOrg
     # SampleOrg defines an MSP using the sampleconfig.  It should never be used
     # in production but may be used as a template for other definitions
-    - &OrdererOrg
+    # DefaultOrg defines the organization which is used in the sampleconfig
-        # DefaultOrg defines the organization which is used in the sampleconfig
+    # of the fabric.git development environment
-        # of the fabric.git development environment
+    Name: OrdererOrg
-        Name: OrdererOrg
+    # ID to load the MSP definition as
-
+    ID: OrdererMSP
-        # ID to load the MSP definition as
+    # MSPDir is the filesystem path which contains the MSP configuration
-        ID: OrdererMSP
+    MSPDir: ../organizations/ordererOrganizations/example.com/msp
-
+    # Policies defines the set of policies at this level of the config tree
-        # MSPDir is the filesystem path which contains the MSP configuration
+    # For organization policies, their canonical path is usually
-        MSPDir: ../organizations/ordererOrganizations/example.com/msp
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
-
+    Policies:
-        # Policies defines the set of policies at this level of the config tree
+      Readers:
-        # For organization policies, their canonical path is usually
+        Type: Signature
-        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+        Rule: "OR('OrdererMSP.member')"
-        Policies:
+      Writers:
-            Readers:
+        Type: Signature
-                Type: Signature
+        Rule: "OR('OrdererMSP.member')"
-                Rule: "OR('OrdererMSP.member')"
+      Admins:
-            Writers:
+        Type: Signature
-                Type: Signature
+        Rule: "OR('OrdererMSP.admin')"
-                Rule: "OR('OrdererMSP.member')"
+    OrdererEndpoints:
-            Admins:
+      - orderer.example.com:7050
-                Type: Signature
+  - &Org1
-                Rule: "OR('OrdererMSP.admin')"
+    # DefaultOrg defines the organization which is used in the sampleconfig
-
+    # of the fabric.git development environment
-        OrdererEndpoints:
+    Name: Org1MSP
-            - orderer.example.com:7050
+    # ID to load the MSP definition as
-
+    ID: Org1MSP
-    - &Org1
+    MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
-        # DefaultOrg defines the organization which is used in the sampleconfig
+    # Policies defines the set of policies at this level of the config tree
-        # of the fabric.git development environment
+    # For organization policies, their canonical path is usually
-        Name: Org1MSP
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
-
+    Policies:
-        # ID to load the MSP definition as
+      Readers:
-        ID: Org1MSP
+        Type: Signature
-
+        Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
-        MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
+      Writers:
-
+        Type: Signature
-        # Policies defines the set of policies at this level of the config tree
+        Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
-        # For organization policies, their canonical path is usually
+      Admins:
-        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+        Type: Signature
-        Policies:
+        Rule: "OR('Org1MSP.admin')"
-            Readers:
+      Endorsement:
-                Type: Signature
+        Type: Signature
-                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
+        Rule: "OR('Org1MSP.peer')"
-            Writers:
+  - &Org2
-                Type: Signature
+    # DefaultOrg defines the organization which is used in the sampleconfig
-                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
+    # of the fabric.git development environment
-            Admins:
+    Name: Org2MSP
-                Type: Signature
+    # ID to load the MSP definition as
-                Rule: "OR('Org1MSP.admin')"
+    ID: Org2MSP
-            Endorsement:
+    MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
-                Type: Signature
+    # Policies defines the set of policies at this level of the config tree
-                Rule: "OR('Org1MSP.peer')"
+    # For organization policies, their canonical path is usually
-
+    #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
-    - &Org2
+    Policies:
-        # DefaultOrg defines the organization which is used in the sampleconfig
+      Readers:
-        # of the fabric.git development environment
+        Type: Signature
-        Name: Org2MSP
+        Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
-
+      Writers:
-        # ID to load the MSP definition as
+        Type: Signature
-        ID: Org2MSP
+        Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
-
+      Admins:
-        MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
+        Type: Signature
-
+        Rule: "OR('Org2MSP.admin')"
-        # Policies defines the set of policies at this level of the config tree
+      Endorsement:
-        # For organization policies, their canonical path is usually
+        Type: Signature
-        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+        Rule: "OR('Org2MSP.peer')"
-        Policies:
-            Readers:
-                Type: Signature
-                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
-            Writers:
-                Type: Signature
-                Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
-            Admins:
-                Type: Signature
-                Rule: "OR('Org2MSP.admin')"
-            Endorsement:
-                Type: Signature
-                Rule: "OR('Org2MSP.peer')"
-
 ################################################################################
 #
 #   SECTION: Capabilities
@@ -118,41 +104,37 @@ Organizations:
 #
 ################################################################################
 Capabilities:
-    # Channel capabilities apply to both the orderers and the peers and must be
+  # Channel capabilities apply to both the orderers and the peers and must be
-    # supported by both.
+  # supported by both.
-    # Set the value of the capability to true to require it.
+  # Set the value of the capability to true to require it.
-    Channel: &ChannelCapabilities
+  Channel: &ChannelCapabilities
-        # V2_0 capability ensures that orderers and peers behave according
+    # V2_0 capability ensures that orderers and peers behave according
-        # to v2.0 channel capabilities. Orderers and peers from
+    # to v2.0 channel capabilities. Orderers and peers from
-        # prior releases would behave in an incompatible way, and are therefore
+    # prior releases would behave in an incompatible way, and are therefore
-        # not able to participate in channels at v2.0 capability.
+    # not able to participate in channels at v2.0 capability.
-        # Prior to enabling V2.0 channel capabilities, ensure that all
+    # Prior to enabling V2.0 channel capabilities, ensure that all
-        # orderers and peers on a channel are at v2.0.0 or later.
+    # orderers and peers on a channel are at v2.0.0 or later.
-        V2_0: true
+    V2_0: true
-        
+  # Orderer capabilities apply only to the orderers, and may be safely
-
+  # used with prior release peers.
-    # Orderer capabilities apply only to the orderers, and may be safely
+  # Set the value of the capability to true to require it.
-    # used with prior release peers.
+  Orderer: &OrdererCapabilities
-    # Set the value of the capability to true to require it.
+    # V2_0 orderer capability ensures that orderers behave according
-    Orderer: &OrdererCapabilities
+    # to v2.0 orderer capabilities. Orderers from
-        # V2_0 orderer capability ensures that orderers behave according
+    # prior releases would behave in an incompatible way, and are therefore
-        # to v2.0 orderer capabilities. Orderers from
+    # not able to participate in channels at v2.0 orderer capability.
-        # prior releases would behave in an incompatible way, and are therefore
+    # Prior to enabling V2.0 orderer capabilities, ensure that all
-        # not able to participate in channels at v2.0 orderer capability.
+    # orderers on channel are at v2.0.0 or later.
-        # Prior to enabling V2.0 orderer capabilities, ensure that all
+    V2_0: true
-        # orderers on channel are at v2.0.0 or later.
+  # Application capabilities apply only to the peer network, and may be safely
-        V2_0: true
+  # used with prior release orderers.
-
+  # Set the value of the capability to true to require it.
-    # Application capabilities apply only to the peer network, and may be safely
+  Application: &ApplicationCapabilities
-    # used with prior release orderers.
+    # V2.5 for Application enables the new non-backwards compatible
-    # Set the value of the capability to true to require it.
+    # features of fabric v2.5, namely the ability to purge private data.
-    Application: &ApplicationCapabilities
+    # Prior to enabling V2.5 application capabilities, ensure that all
-        # V2.5 for Application enables the new non-backwards compatible
+    # peers on a channel are at v2.5.0 or later.
-        # features of fabric v2.5, namely the ability to purge private data.
+    V2_5: true
-        # Prior to enabling V2.5 application capabilities, ensure that all
-        # peers on a channel are at v2.5.0 or later.
-        V2_5: true
-
 ################################################################################
 #
 #   SECTION: Application
@@ -162,33 +144,30 @@ Capabilities:
 #
 ################################################################################
 Application: &ApplicationDefaults
-
+  # Organizations is the list of orgs which are defined as participants on
-    # Organizations is the list of orgs which are defined as participants on
+  # the application side of the network
-    # the application side of the network
+  Organizations:
-    Organizations:
+  # Policies defines the set of policies at this level of the config tree
-
+  # For Application policies, their canonical path is
-    # Policies defines the set of policies at this level of the config tree
+  #   /Channel/Application/<PolicyName>
-    # For Application policies, their canonical path is
+  Policies:
-    #   /Channel/Application/<PolicyName>
+    Readers:
-    Policies:
+      Type: ImplicitMeta
-        Readers:
+      Rule: "ANY Readers"
-            Type: ImplicitMeta
+    Writers:
-            Rule: "ANY Readers"
+      Type: ImplicitMeta
-        Writers:
+      Rule: "ANY Writers"
-            Type: ImplicitMeta
+    Admins:
-            Rule: "ANY Writers"
+      Type: ImplicitMeta
-        Admins:
+      Rule: "MAJORITY Admins"
-            Type: ImplicitMeta
+    LifecycleEndorsement:
-            Rule: "MAJORITY Admins"
+      Type: ImplicitMeta
-        LifecycleEndorsement:
+      Rule: "MAJORITY Endorsement"
-            Type: ImplicitMeta
+    Endorsement:
-            Rule: "MAJORITY Endorsement"
+      Type: ImplicitMeta
-        Endorsement:
+      Rule: "MAJORITY Endorsement"
-            Type: ImplicitMeta
+  Capabilities:
-            Rule: "MAJORITY Endorsement"
+    <<: *ApplicationCapabilities
-
-    Capabilities:
-        <<: *ApplicationCapabilities
 ################################################################################
 #
 #   SECTION: Orderer
@@ -198,65 +177,47 @@ Application: &ApplicationDefaults
 #
 ################################################################################
 Orderer: &OrdererDefaults
-
+  # Addresses used to be the list of orderer addresses that clients and peers
-    # Orderer Type: The orderer implementation to start
+  # could connect to.  However, this does not allow clients to associate orderer
-    OrdererType: etcdraft
+  # addresses and orderer organizations which can be useful for things such
-    # Addresses used to be the list of orderer addresses that clients and peers
+  # as TLS validation.  The preferred way to specify orderer addresses is now
-    # could connect to.  However, this does not allow clients to associate orderer
+  # to include the OrdererEndpoints item in your org definition
-    # addresses and orderer organizations which can be useful for things such
+  Addresses:
-    # as TLS validation.  The preferred way to specify orderer addresses is now
+    - orderer.example.com:7050
-    # to include the OrdererEndpoints item in your org definition
+  # Batch Timeout: The amount of time to wait before creating a batch
-    Addresses:
+  BatchTimeout: 2s
-        - orderer.example.com:7050
+  # Batch Size: Controls the number of messages batched into a block
-
+  BatchSize:
-    EtcdRaft:
+    # Max Message Count: The maximum number of messages to permit in a batch
-        Consenters:
+    MaxMessageCount: 10
-        - Host: orderer.example.com
+    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
-          Port: 7050
+    # the serialized messages in a batch.
-          ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
+    AbsoluteMaxBytes: 99 MB
-          ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
+    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
-
+    # the serialized messages in a batch. A message larger than the preferred
-    # Batch Timeout: The amount of time to wait before creating a batch
+    # max bytes will result in a batch larger than preferred max bytes.
-    BatchTimeout: 2s
+    PreferredMaxBytes: 512 KB
-
+  # Organizations is the list of orgs which are defined as participants on
-    # Batch Size: Controls the number of messages batched into a block
+  # the orderer side of the network
-    BatchSize:
+  Organizations:
-
+  # Policies defines the set of policies at this level of the config tree
-        # Max Message Count: The maximum number of messages to permit in a batch
+  # For Orderer policies, their canonical path is
-        MaxMessageCount: 10
+  #   /Channel/Orderer/<PolicyName>
-
+  Policies:
-        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
+    Readers:
-        # the serialized messages in a batch.
+      Type: ImplicitMeta
-        AbsoluteMaxBytes: 99 MB
+      Rule: "ANY Readers"
-
+    Writers:
-        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
+      Type: ImplicitMeta
-        # the serialized messages in a batch. A message larger than the preferred
+      Rule: "ANY Writers"
-        # max bytes will result in a batch larger than preferred max bytes.
+    Admins:
-        PreferredMaxBytes: 512 KB
+      Type: ImplicitMeta
-
+      Rule: "MAJORITY Admins"
-    # Organizations is the list of orgs which are defined as participants on
+    # BlockValidation specifies what signatures must be included in the block
-    # the orderer side of the network
+    # from the orderer for the peer to validate it.
-    Organizations:
+    BlockValidation:
-
+      Type: ImplicitMeta
-    # Policies defines the set of policies at this level of the config tree
+      Rule: "ANY Writers"
-    # For Orderer policies, their canonical path is
-    #   /Channel/Orderer/<PolicyName>
-    Policies:
-        Readers:
-            Type: ImplicitMeta
-            Rule: "ANY Readers"
-        Writers:
-            Type: ImplicitMeta
-            Rule: "ANY Writers"
-        Admins:
-            Type: ImplicitMeta
-            Rule: "MAJORITY Admins"
-        # BlockValidation specifies what signatures must be included in the block
-        # from the orderer for the peer to validate it.
-        BlockValidation:
-            Type: ImplicitMeta
-            Rule: "ANY Writers"
-
 ################################################################################
 #
 #   CHANNEL
@@ -266,29 +227,27 @@ Orderer: &OrdererDefaults
 #
 ################################################################################
 Channel: &ChannelDefaults
-    # Policies defines the set of policies at this level of the config tree
+  # Policies defines the set of policies at this level of the config tree
-    # For Channel policies, their canonical path is
+  # For Channel policies, their canonical path is
-    #   /Channel/<PolicyName>
+  #   /Channel/<PolicyName>
-    Policies:
+  Policies:
-        # Who may invoke the 'Deliver' API
+    # Who may invoke the 'Deliver' API
-        Readers:
+    Readers:
-            Type: ImplicitMeta
+      Type: ImplicitMeta
-            Rule: "ANY Readers"
+      Rule: "ANY Readers"
-        # Who may invoke the 'Broadcast' API
+    # Who may invoke the 'Broadcast' API
-        Writers:
+    Writers:
-            Type: ImplicitMeta
+      Type: ImplicitMeta
-            Rule: "ANY Writers"
+      Rule: "ANY Writers"
-        # By default, who may modify elements at this config level
+    # By default, who may modify elements at this config level
-        Admins:
+    Admins:
-            Type: ImplicitMeta
+      Type: ImplicitMeta
-            Rule: "MAJORITY Admins"
+      Rule: "MAJORITY Admins"
-
+  # Capabilities describes the channel level capabilities, see the
-    # Capabilities describes the channel level capabilities, see the
+  # dedicated Capabilities section elsewhere in this file for a full
-    # dedicated Capabilities section elsewhere in this file for a full
+  # description
-    # description
+  Capabilities:
-    Capabilities:
+    <<: *ChannelCapabilities
-        <<: *ChannelCapabilities
-
 ################################################################################
 #
 #   Profile
@@ -298,17 +257,23 @@ Channel: &ChannelDefaults
 #
 ################################################################################
 Profiles:
-
+  ChannelUsingRaft:
-    TwoOrgsApplicationGenesis:
+    <<: *ChannelDefaults
-        <<: *ChannelDefaults
+    Orderer:
-        Orderer:
+      <<: *OrdererDefaults
-            <<: *OrdererDefaults
+      OrdererType: etcdraft
-            Organizations:
+      EtcdRaft:
-                - *OrdererOrg
+        Consenters:
-            Capabilities: *OrdererCapabilities
+          - Host: orderer.example.com
-        Application:
+            Port: 7050
-            <<: *ApplicationDefaults
+            ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
-            Organizations:
+            ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
-                - *Org1
+      Organizations:
-                - *Org2
+        - *OrdererOrg
-            Capabilities: *ApplicationCapabilities
+      Capabilities: *OrdererCapabilities
+    Application:
+      <<: *ApplicationDefaults
+      Organizations:
+        - *Org1
+        - *Org2
+      Capabilities: *ApplicationCapabilities

test-network/network.sh

@@ -244,6 +244,7 @@ function createOrgs() {
 
 # Bring up the peer and orderer nodes using docker compose.
 function networkUp() {
+
   checkPrereqs
 
   # generate artifacts if they don't exist
@@ -271,6 +272,8 @@ function createChannel() {
   # Bring up the network if it is not already up.
   bringUpNetwork="false"
 
+  local bft_true=$1
+
   if ! $CONTAINER_CLI info > /dev/null 2>&1 ; then
     fatalln "$CONTAINER_CLI network is required to be running to create a channel"
   fi
@@ -293,7 +296,7 @@ function createChannel() {
 
   # now run the script that creates a channel. This script uses configtxgen once
   # to create the channel creation transaction and the anchor peer updates.
-  scripts/createChannel.sh $CHANNEL_NAME $CLI_DELAY $MAX_RETRY $VERBOSE
+  scripts/createChannel.sh $CHANNEL_NAME $CLI_DELAY $MAX_RETRY $VERBOSE $bft_true
 }
 
 
@@ -317,7 +320,8 @@ function deployCCAAS() {
 
 # Tear down running network
 function networkDown() {
-
+  local temp_compose=$COMPOSE_FILE_BASE
+  COMPOSE_FILE_BASE=compose-bft-test-net.yaml
   COMPOSE_BASE_FILES="-f compose/${COMPOSE_FILE_BASE} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_BASE}"
   COMPOSE_COUCH_FILES="-f compose/${COMPOSE_FILE_COUCH} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_COUCH}"
   COMPOSE_CA_FILES="-f compose/${COMPOSE_FILE_CA} -f compose/${CONTAINER_CLI}/${CONTAINER_CLI}-${COMPOSE_FILE_CA}"
@@ -337,6 +341,7 @@ function networkDown() {
     fatalln "Container CLI  ${CONTAINER_CLI} not supported"
   fi
 
+  COMPOSE_FILE_BASE=$temp_compose
 
   # Don't remove the generated artifacts -- note, the ledgers are always removed
   if [ "$MODE" != "restart" ]; then
@@ -405,6 +410,9 @@ DATABASE="leveldb"
 SOCK="${DOCKER_HOST:-/var/run/docker.sock}"
 DOCKER_SOCK="${SOCK##unix://}"
 
+# BFT activated flag
+BFT=0
+
 # Parse commandline args
 
 ## Parse mode
@@ -438,6 +446,10 @@ while [[ $# -ge 1 ]] ; do
     CHANNEL_NAME="$2"
     shift
     ;;
+  -bft )
+    BFT=1
+    shift
+    ;;
   -ca )
     CRYPTO="Certificate Authorities"
     ;;
@@ -501,6 +513,11 @@ while [[ $# -ge 1 ]] ; do
   shift
 done
 
+if [ $BFT -eq 1 ]; then
+  export FABRIC_CFG_PATH=${PWD}/bft-config
+  COMPOSE_FILE_BASE=compose-bft-test-net.yaml
+fi
+
 # Are we generating crypto material with this command?
 if [ ! -d "organizations/peerOrganizations" ]; then
   CRYPTO_MODE="with crypto from '${CRYPTO}'"
@@ -515,7 +532,7 @@ if [ "$MODE" == "up" ]; then
 elif [ "$MODE" == "createChannel" ]; then
   infoln "Creating channel '${CHANNEL_NAME}'."
   infoln "If network is not up, starting nodes with CLI timeout of '${MAX_RETRY}' tries and CLI delay of '${CLI_DELAY}' seconds and using database '${DATABASE} ${CRYPTO_MODE}"
-  createChannel
+  createChannel $BFT
 elif [ "$MODE" == "down" ]; then
   infoln "Stopping network"
   networkDown

test-network/organizations/cryptogen/crypto-config-orderer.yaml

@@ -13,6 +13,8 @@ OrdererOrgs:
   - Name: Orderer
     Domain: example.com
     EnableNodeOUs: true
+
+
     # ---------------------------------------------------------------------------
     # "Specs" - See PeerOrgs for complete description
     # ---------------------------------------------------------------------------
@@ -20,3 +22,12 @@ OrdererOrgs:
       - Hostname: orderer
         SANS:
           - localhost
+      - Hostname: orderer2
+        SANS:
+          - localhost
+      - Hostname: orderer3
+        SANS:
+          - localhost
+      - Hostname: orderer4
+        SANS:
+          - localhost

test-network/scripts/add_new_orderer_to_config.py

@@ -0,0 +1,98 @@
+# This is a sample Python script.
+
+# Press ⌃R to execute it or replace it with your code.
+# Press Double ⇧ to search everywhere for classes, files, tool windows, actions, and settings.
+import argparse
+import base64
+import copy
+import json
+import math
+from typing import Any
+
+
+def parse_args():
+    parser = argparse.ArgumentParser(
+        prog='Config Update',
+        description='What the program does',
+        epilog='Text at the bottom of help')
+    parser.add_argument('config_path', type=str)
+    parser.add_argument('updated_config_path', type=str)
+    parser.add_argument('-a', '--address', type=str, required=True)
+    parser.add_argument('-i', '--identity', type=str, required=True)
+    parser.add_argument('-s', '--server-cert', type=str, required=True)
+    parser.add_argument('-c', '--client-cert', type=str, required=True)
+    return parser.parse_args()
+
+
+def _pem_file_to_base64(path: str) -> str:
+    with open(path, 'rb') as binary_file:
+        binary_file_data = binary_file.read()
+        base64_encoded_data = base64.b64encode(binary_file_data)
+        return base64_encoded_data.decode('utf-8')
+
+
+def _log_update(name: str, old: Any, new: Any) -> None:
+    print('=' * 50)
+    print(f'Updating {name}:')
+    print(f'{old}')
+    print(">" * 25)
+    print(f'{new}')
+    print('=' * 50)
+
+
+def _calculate_bft_quorum(n: int) -> int:
+    f = int((n - 1) / 3)
+    return int(math.ceil((n + f + 1) / 2))
+
+
+def update_config(config_path: str, updated_config_path: str, address: str, identity_pem_path: str, server_pem_path: str, client_pem_path: str):
+    with open(config_path, 'r') as f:
+        config = json.load(f)
+    identity = _pem_file_to_base64(identity_pem_path)
+    client_cert = _pem_file_to_base64(client_pem_path)
+    server_cert = _pem_file_to_base64(server_pem_path)
+    host, port = address.split(':')
+
+    addresses = config['channel_group']['groups']['Orderer']['groups']['OrdererOrg']['values']['Endpoints']['value']['addresses']
+    addresses_before_update = copy.deepcopy(addresses)
+    original_orderers_count = len(addresses_before_update)
+    addresses.append(f'{addresses[0].split(":")[0]}:{port}')
+    new_orderers_count = len(addresses)
+    _log_update('addresses', addresses_before_update, addresses)
+
+    identities = config['channel_group']['groups']['Orderer']['policies']['BlockValidation']['policy']['value']['identities']
+    identities_before_update = copy.deepcopy(identities)
+    new_identity = copy.deepcopy(identities[0])
+    new_identity['principal']['id_bytes'] = identity
+    identities.append(new_identity)
+    _log_update('block validation identities', identities_before_update, identities)
+
+    rule = config['channel_group']['groups']['Orderer']['policies']['BlockValidation']['policy']['value'][
+        'rule']
+    rule_before_update = copy.deepcopy(rule)
+    rule['n_out_of']['n'] = _calculate_bft_quorum(new_orderers_count)
+    rule['n_out_of']['rules'].append({'signed_by': new_orderers_count - 1})
+    _log_update('block validation rules', rule_before_update, rule)
+
+    consenter_mapping = config['channel_group']['groups']['Orderer']['values']['Orderers']['value']['consenter_mapping']
+    consenter_mapping_before_update = copy.deepcopy(consenter_mapping)
+    consenter_mapping.append({
+        'client_tls_cert': client_cert,
+        'host': host,
+        'id': new_orderers_count,
+        'identity': identity,
+        'msp_id': consenter_mapping[0]['msp_id'],
+        'port': port,
+        'server_tls_cert': server_cert
+    })
+    _log_update('consenter_mapping', consenter_mapping_before_update, consenter_mapping)
+
+    with open(updated_config_path, 'w') as f:
+        json.dump(config, f)
+
+# Press the green button in the gutter to run the script.
+if __name__ == '__main__':
+    args = parse_args()
+    update_config(args.config_path, args.updated_config_path, args.address, args.identity, args.server_cert, args.client_cert)
+
+# See PyCharm help at https://www.jetbrains.com/help/pycharm/

test-network/scripts/createChannel.sh

@@ -4,14 +4,17 @@
 . scripts/envVar.sh
 . scripts/utils.sh
 
+
 CHANNEL_NAME="$1"
 DELAY="$2"
 MAX_RETRY="$3"
 VERBOSE="$4"
+BFT="$5"
 : ${CHANNEL_NAME:="mychannel"}
 : ${DELAY:="3"}
 : ${MAX_RETRY:="5"}
 : ${VERBOSE:="false"}
+: ${BFT:=0}
 
 : ${CONTAINER_CLI:="docker"}
 : ${CONTAINER_CLI_COMPOSE:="${CONTAINER_CLI}-compose"}
@@ -22,26 +25,39 @@ if [ ! -d "channel-artifacts" ]; then
 fi
 
 createChannelGenesisBlock() {
+  setGlobals 1
 	which configtxgen
 	if [ "$?" -ne 0 ]; then
 		fatalln "configtxgen tool not found."
 	fi
+	local bft_true=$1
 	set -x
-	configtxgen -profile TwoOrgsApplicationGenesis -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME
+
+	if [ $bft_true -eq 1 ]; then
+		configtxgen -profile ChannelUsingBFT -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME
+	else
+		configtxgen -profile ChannelUsingRaft -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID $CHANNEL_NAME
+	fi
 	res=$?
 	{ set +x; } 2>/dev/null
   verifyResult $res "Failed to generate channel configuration transaction..."
 }
 
 createChannel() {
-	setGlobals 1
 	# Poll in case the raft leader is not set yet
 	local rc=1
 	local COUNTER=1
+	local bft_true=$1
+	infoln "Adding orderers"
 	while [ $rc -ne 0 -a $COUNTER -lt $MAX_RETRY ] ; do
 		sleep $DELAY
 		set -x
-		osnadmin channel join --channelID $CHANNEL_NAME --config-block ./channel-artifacts/${CHANNEL_NAME}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >&log.txt
+    . scripts/orderer.sh ${CHANNEL_NAME}> /dev/null 2>&1
+    if [ $bft_true -eq 1 ]; then
+      . scripts/orderer2.sh ${CHANNEL_NAME}> /dev/null 2>&1
+      . scripts/orderer3.sh ${CHANNEL_NAME}> /dev/null 2>&1
+      . scripts/orderer4.sh ${CHANNEL_NAME}> /dev/null 2>&1
+    fi
 		res=$?
 		{ set +x; } 2>/dev/null
 		let rc=$res
@@ -53,8 +69,8 @@ createChannel() {
 
 # joinChannel ORG
 joinChannel() {
-  FABRIC_CFG_PATH=$PWD/../config/
   ORG=$1
+  FABRIC_CFG_PATH=$PWD/../config/
   setGlobals $ORG
 	local rc=1
 	local COUNTER=1
@@ -77,18 +93,23 @@ setAnchorPeer() {
   ${CONTAINER_CLI} exec cli ./scripts/setAnchorPeer.sh $ORG $CHANNEL_NAME 
 }
 
-FABRIC_CFG_PATH=${PWD}/configtx
+
 
 ## Create channel genesis block
-infoln "Generating channel genesis block '${CHANNEL_NAME}.block'"
-createChannelGenesisBlock
-
 FABRIC_CFG_PATH=$PWD/../config/
 BLOCKFILE="./channel-artifacts/${CHANNEL_NAME}.block"
 
+infoln "Generating channel genesis block '${CHANNEL_NAME}.block'"
+FABRIC_CFG_PATH=${PWD}/configtx
+if [ $BFT -eq 1 ]; then
+  FABRIC_CFG_PATH=${PWD}/bft-config
+fi
+createChannelGenesisBlock $BFT
+
+
 ## Create channel
 infoln "Creating channel ${CHANNEL_NAME}"
-createChannel
+createChannel $BFT
 successln "Channel '$CHANNEL_NAME' created"
 
 ## Join all the peers to the channel

test-network/scripts/envVar.sh

@@ -15,8 +15,6 @@ export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tl
 export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
 export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
 export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
-export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
-export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
 
 # Set environment variables for the peer org
 setGlobals() {
@@ -37,7 +35,6 @@ setGlobals() {
     export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
     export CORE_PEER_ADDRESS=localhost:9051
-
   elif [ $USING_ORG -eq 3 ]; then
     export CORE_PEER_LOCALMSPID="Org3MSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG3_CA

test-network/scripts/orderer.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+channel_name=$1
+
+export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
+export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt /dev/null 2>&1
+export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key /dev/null 2>&1
+
+osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1

test-network/scripts/orderer2.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+channel_name=$1
+
+export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
+export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt /dev/null 2>&1
+export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key > /dev/null 2>&1
+
+osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7055 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1

test-network/scripts/orderer3.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+channel_name=$1
+
+export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
+export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt /dev/null 2>&1
+export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.key > /dev/null 2>&1
+
+osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7057 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1

test-network/scripts/orderer4.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+channel_name=$1
+
+export PATH=${ROOTDIR}/../bin:${PWD}/../bin:$PATH
+export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt /dev/null 2>&1
+export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.key > /dev/null 2>&1
+
+osnadmin channel join --channelID ${channel_name} --config-block ./channel-artifacts/${channel_name}.block -o localhost:7059 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY" >> log.txt 2>&1